Manage many accounts with one API client

This guide shows you how to set up an API client for use with many accounts. Ordinarily, an API client can only access the account in which it is created. The process for setting up the specialized API client that lets you make calls across different APIs and accounts is slightly different than the process for creating a regular API client.

Before you start

Using this specialized API client requires the accountSwitchKey query parameter when you make your call. An accountSwitchKey indicates the specific account you want your call to apply to. If you make a call without the accountSwitchKey, the call applies to your API client’s default account.

This API client mimics your Control Center roles and permissions and lets you manage many accounts programmatically from one API client. To give you this same access, this type of API client uses your Control Center roles and permissions exactly as they appear in Control Center. If you want to change the group and role assignments for the API client, you must change your group and role assignments you have in Luna (or contact an administrator to do it for you). The changes you make to your Luna permissions cascade to the API client automatically and keep it in sync.

Important things to note:

Credentials on this type of API client expire on the same schedule as your account’s password rotation policy. You cannot edit the expiration date on these credentials, but you can create new credentials for this client.

The credentials, or tokens, work the same for SAML SSO user as they do for non-SAML SSO users.

Because this API client uses the same role assignments as the Control Center user the client belongs to, you can follow the same audit trail you normally would and see the API client’s activity just like if it was for the Control Center user.

You cannot change the owner of these API clients.

The API client no longer works once the user’s Control Center account is locked or disabled.

To use this type of client with an accountSwitchKey, you’ll need to get specific keys from the Identity Management API. Ensure you’ve provisioned the Identity Management API in your client.

Run the Dig command again, choosing a different location ID from the Ghost location results. For more information, refer to Run dig from a Ghost Location.

Resources

In this exercise, you learned how to create an API client to manage multiple accounts and use that client to make Akamai API calls. Here are some additional resources to expand your knowledge about Akamai APIs.